Listing of Claims 



The following claims list supercedes any other listing of the claims of the invention. 

1. (Original) A method for controlling access to an object in a data processing 
system, the method comprising: 

receiving an access request to access the object from a task; 

classifying the access request into one of critical and non-critical classes in 
dependence on stored access control data associated with the object and the task; 

granting the task access to the object and storing data indicative of the access in an 
access log if the access is classified into the non-critical class; and, 

in the event that the access is classified into the critical class, granting or denying 
the task access to the object in dependence on the contents of the access log and the stored access 
control data. 

2. (Original) A method as recited in claun 1 , further comprising, in the event that 
the access is classified into the non-critical class, granting or denying the task access to the 
object in dependence on the access control data, and storing data indicative of the grant or denial 
in the access log. 

3. (Original) A method as recited in claim I, wherein the non-critical class 
comprises a plurality of subclasses and the classifying comprises classifying the access request 
into one of the subclasses in dependence on the stored access control data. 

4. (Original) A method as recited in claim 1, wherein the subclasses comprise a 
first subclass and a second subclass. 

5. (Original) A method as recited in claim 4, further comprising storing recovery 
data in the access log if the access is classified into the second subclass. 

6. (Original) A method as recited in claim 5, fiirther comprising: 



2 



G:\IBM\I 05\20960\AniBnd\2O96O.AM l.doe 



inspecting the access log to identify a bad grant decision based on the contents of 
the access log and the access control data; and, 

on detection of a bad grant decision, rolling back any objects affected by the bad 
grant decision. 

7. (Original) A method as recited in claim 6, whereui the rolling back comprises 
recovering data overwritten in the object 

8. (Original) A method as recited in claim 6, further comprising performing the 
inspecting periodically. 

9. (Original) A method as recited in claim 6, fiirther comprising performing the 
inspecting during periods in which the data processing system is otherwise idle. 

10. (Original) An apparatus for controlling access to an object in a data processing 
system, the apparatus comprising: 

an access control data store for storing access control data associated with the 
object and the task; an access log; 

access control logic for receiving a request to access the object from a task; 

decision classifier logic, connected to the access control logic, the access control 
data store, and the access log, for classifying the access request into one of critical and non- 
critical classes in dependence on the access control data, and, in the event that the access is 
classified into the non-critical class, for granting the task access to the object and storing data 
indicative of the access in the access log; and, 

access control decision logic connected to the access control logic, the access log, 
the access control data store, and the decision classifier logic, for, in the event that the access is 
classified into the critical class, granting or denying the task access to the object in dependence 
on the contents of the access log and the access control data. 

11. (Original) An apparatus as recited in claim 10, wherein, in use, the decision 
classifier- logic, in the event that the access is classified into the non-critical class, grants or 
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denies the task access to the object in dependence on the contents of the access control data, and 
stores data indicative of the grant or denial in the access log. 



12. (Original) An apparatus as recited in claim 10, wherein the non-critical class 
comprises a plurality of subclasses and the decision classifier logic, ia use, classifies the access 
request into one of the subclasses in dependence on the access control data. 

13. (Original) An apparatus as recited in claim 10, wherein the subclasses 
comprise a first subclass and a second subclass. 

14. (Original) An apparatus as recited in claim 13, wherein the decision classifier 
logic, in use, stores recovery data ui the access log if the access is classified into the second 
subclass. 



15. (Original) An apparatus as recited in claim 14, wherein the access control 
decision logic, in use, inspects the access log to identify a bad grant decision based on the 

contents of the 

access log and the access control data, on detection of a bad grant decision, effects a roll back of 
any objects affected by the bad grant decision. 

16. (Original) An apparatus as recited in claim 15, wherein the rollmg back 
comprises recovering data overwritten in the object. 

17. (Origmal) An apparatus as recited in claim 15, wherein the access control 
decision logic, ia use, performs the inspection periodically. 

18. (Original) An apparatus as recited in claim 15, wherein the access control 
decision logic, in use, performs the inspection during periods in which the data processing 
system is otherwise idle. 



19. (Original) Data processing system comprismg: 
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a central processor unit; 
a memory; and 

apparatus as recited in claim 10 connected to the central processor unit and the 

memory. 



20. (Currently Amended) A computer Computer -program product the computer 
program product e lem e nt comprising: 

a tangible storage medium readable by a processing circuit and storing instructions for 

execution by the processing circuit for performing c omput e r projBiTam cod e m o ans which, when 

recited in claim 1. 



21 . (Currently Amended) An article of manufacture comprising a computer usable 
medium for storing h a;v4ag-computer readable instructions, which instructions, when processed 

processing system, cause the data processing system to execute the steps set forth in the method 

the computer r e adabl e program cod e m e ans - in-said - article of manufactur e comprising comput e r 
r e adabl e program - eed e' m o ans for causing a comput e r to effec t t h e-s t ^ p s-of claim 1. 

22. (Original) A program storage device readable by machine, tangibly embodying 
a program of instructions executable by the machine to perform method steps for controlling 
access to an object in a data processing system, said method steps comprising the steps of claim 
1. 



23. (Currently Amended) A data processing system, the data processing system 
comprismg an apparatus for controlling access to at least one object in the data processing 
system, wherein said apparatus is set forth in computer program -i product comprising a comput e r 
usable m e di - um having comput e r r e adabl e program cod e moons embodi e d therein for causing 
control of access to an obj e ct in a data proc e ssing a yatcm, th e computer r e adabl e pro g r - am -ee d e 
moans in said computer program product - eempHsing comput e r r e adabl e program code mcano for 
causing a computer to e ff e ct the fun e tieHS - e -: & <;laim 10. 
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